On Wed, 9 May 2018 08:37:38 -0300 Carlos via samba <samba at lists.samba.org> wrote:> Hi! > > More information: > > samba -v (compilated) > > Version 4.4.4 > > Totla Dcs = 16 > > smb.conf: > > [global] > workgroup = XXXX > realm = XXXX.xxxxx.com.br > netbios name = upsilon > server role = active directory domain controller > #passdb backend = tdbsam > passdb backend = samba_dsdb > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc,dnsupdate > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4 acl_xattr > dns forwarder = XXXXXXX > dns forwarder = XXXXXXX > > ldap server require strong auth = no > > # Disable Cups > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes >Is there a valid reason why you have messed with the smb.conf in the way you have ? I can understand the printer lines, but the rest ??? I would remove the following lines: #passdb backend = tdbsam passdb backend = samba_dsdb map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4 acl_xattr dns forwarder = XXXXXXX dns forwarder = XXXXXXX See if doing this helps, I also cannot understand why, when you are compiling Samba, you are not using a more recent version. Rowland
Thanks for answering! These lines have been placed in the wrong way for a long time (servers are already over 3 years old), at the time they did not have so much "knowledge", then because of compatibility (and fear of stopping something, I left the mesmeas) :-D I use this version because all other Dcs are in this, until I can not get a window of time to update, I'm keeping this version. This message shook after I had a dead DC, removed by "demote", and rebranded it with the same name (add join ...). In the "new DC" also message like that. May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC = XXX, DC = XXX, DC = XXX, DC = XXX Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is itself, the "new" dc ... Any idea ? I think a "old informatio" about DC "dead"... :-| Regards;; On 09-05-2018 09:21, Rowland Penny via samba wrote:> On Wed, 9 May 2018 08:37:38 -0300 > Carlos via samba <samba at lists.samba.org> wrote: > >> Hi! >> >> More information: >> >> samba -v (compilated) >> >> Version 4.4.4 >> >> Totla Dcs = 16 >> >> smb.conf: >> >> [global] >> workgroup = XXXX >> realm = XXXX.xxxxx.com.br >> netbios name = upsilon >> server role = active directory domain controller >> #passdb backend = tdbsam >> passdb backend = samba_dsdb >> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >> drepl, winbindd, ntp_signd, kcc,dnsupdate >> map archive = No >> map readonly = no >> store dos attributes = Yes >> vfs objects = dfs_samba4 acl_xattr >> dns forwarder = XXXXXXX >> dns forwarder = XXXXXXX >> >> ldap server require strong auth = no >> >> # Disable Cups >> load printers = no >> printing = bsd >> printcap name = /dev/null >> disable spoolss = yes >> > Is there a valid reason why you have messed with the smb.conf in the > way you have ? > I can understand the printer lines, but the rest ??? > I would remove the following lines: > > #passdb backend = tdbsam > passdb backend = samba_dsdb > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4 acl_xattr > dns forwarder = XXXXXXX > dns forwarder = XXXXXXX > > See if doing this helps, I also cannot understand why, when you are > compiling Samba, you are not using a more recent version. > > Rowland > >
L.P.H. van Belle
2018-May-09 12:40 UTC
[Samba] DsGetNCChanges 2nd replication on different
>> UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED / NT codeIf you use the RSAT tools ( dns administrator in windows ) Go to the A record, check the security tab, it needs SELF, i think thats missing Or point to an old server. Compair it to an other record, but i think this is the problem. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Carlos via samba > Verzonden: woensdag 9 mei 2018 14:32 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] DsGetNCChanges 2nd replication on different > > Thanks for answering! > > These lines have been placed in the wrong way for a long time > (servers > are already over 3 years old), at the time they did not have so much > "knowledge", then because of compatibility (and fear of stopping > something, I left the mesmeas) :-D > > I use this version because all other Dcs are in this, until I can not > get a window of time to update, I'm keeping this version. > > This message shook after I had a dead DC, removed by "demote", and > rebranded it with the same name (add join ...). > In the "new DC" also message like that. > > May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with > WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for > e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC = > XXX, DC = > XXX, DC = XXX, DC = XXX > > Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is > itself, the "new" > dc ... > > Any idea ? > > > I think a "old informatio" about DC "dead"... :-| > > > Regards;; > > > On 09-05-2018 09:21, Rowland Penny via samba wrote: > > On Wed, 9 May 2018 08:37:38 -0300 > > Carlos via samba <samba at lists.samba.org> wrote: > > > >> Hi! > >> > >> More information: > >> > >> samba -v (compilated) > >> > >> Version 4.4.4 > >> > >> Totla Dcs = 16 > >> > >> smb.conf: > >> > >> [global] > >> workgroup = XXXX > >> realm = XXXX.xxxxx.com.br > >> netbios name = upsilon > >> server role = active directory domain controller > >> #passdb backend = tdbsam > >> passdb backend = samba_dsdb > >> server services = s3fs, rpc, nbt, wrepl, ldap, > cldap, kdc, > >> drepl, winbindd, ntp_signd, kcc,dnsupdate > >> map archive = No > >> map readonly = no > >> store dos attributes = Yes > >> vfs objects = dfs_samba4 acl_xattr > >> dns forwarder = XXXXXXX > >> dns forwarder = XXXXXXX > >> > >> ldap server require strong auth = no > >> > >> # Disable Cups > >> load printers = no > >> printing = bsd > >> printcap name = /dev/null > >> disable spoolss = yes > >> > > Is there a valid reason why you have messed with the smb.conf in the > > way you have ? > > I can understand the printer lines, but the rest ??? > > I would remove the following lines: > > > > #passdb backend = tdbsam > > passdb backend = samba_dsdb > > map archive = No > > map readonly = no > > store dos attributes = Yes > > vfs objects = dfs_samba4 acl_xattr > > dns forwarder = XXXXXXX > > dns forwarder = XXXXXXX > > > > See if doing this helps, I also cannot understand why, when you are > > compiling Samba, you are not using a more recent version. > > > > Rowland > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Wed, 9 May 2018 09:31:56 -0300 Carlos via samba <samba at lists.samba.org> wrote:> Thanks for answering! > > These lines have been placed in the wrong way for a long time > (servers are already over 3 years old), at the time they did not have > so much "knowledge", then because of compatibility (and fear of > stopping something, I left the mesmeas) :-D > > I use this version because all other Dcs are in this, until I can not > get a window of time to update, I'm keeping this version. > > This message shook after I had a dead DC, removed by "demote", and > rebranded it with the same name (add join ...). > In the "new DC" also message like that. > > May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with > WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for > e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC = XXX, DC > = XXX, DC = XXX, DC = XXX > > Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is itself, the > "new" dc ... >Re-using a DC name etc doesn't seem to be a good idea, you should have used a new name etc. Whilst you demoted the old DC, it still left information about itself in AD. Amongst the output you originally posted was this fragment '0ADEL' this means the record is a tombstone and they are not removed until the tombstone lifetime is reached, 180 days unless you have altered it. Upgrading a self compiled Samba is fairly easy, download the required tarball and unpack it, move into the directory created by the unpacking, ensure that any new dependencies are installed and the configure it with the same options as the running install. Then run 'make', stop Samba and run 'make install' as root, restart Samba. You should now be using the new version of Samba. The 'make install' should only take minutes. Rowland
Thanks. They would all be the same, "SAME" in segurity. Regards; On 09-05-2018 09:40, L.P.H. van Belle via samba wrote:>>> UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED / NT code > If you use the RSAT tools ( dns administrator in windows ) > Go to the A record, check the security tab, it needs SELF, i think thats missing > Or point to an old server. > > Compair it to an other record, but i think this is the problem. > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Carlos via samba >> Verzonden: woensdag 9 mei 2018 14:32 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] DsGetNCChanges 2nd replication on different >> >> Thanks for answering! >> >> These lines have been placed in the wrong way for a long time >> (servers >> are already over 3 years old), at the time they did not have so much >> "knowledge", then because of compatibility (and fear of stopping >> something, I left the mesmeas) :-D >> >> I use this version because all other Dcs are in this, until I can not >> get a window of time to update, I'm keeping this version. >> >> This message shook after I had a dead DC, removed by "demote", and >> rebranded it with the same name (add join ...). >> In the "new DC" also message like that. >> >> May 9 09:28:49 dc108 samba [1979]: UpdateRefs failed with >> WERR_DS_DRA_ACCESS_DENIED / NT code 0xc0002105 for >> e2eb738a-8c18-4f3e-aa5c-5968aabb4288._msdcs.XXXXXX.XXXX DC >> XXX, DC >> XXX, DC = XXX, DC = XXX >> >> Strange that "e2eb738a-8c18-4f3e-aa5c-5968aabb4288" is >> itself, the "new" >> dc ... >> >> Any idea ? >> >> >> I think a "old informatio" about DC "dead"... :-| >> >> >> Regards;; >> >> >> On 09-05-2018 09:21, Rowland Penny via samba wrote: >>> On Wed, 9 May 2018 08:37:38 -0300 >>> Carlos via samba <samba at lists.samba.org> wrote: >>> >>>> Hi! >>>> >>>> More information: >>>> >>>> samba -v (compilated) >>>> >>>> Version 4.4.4 >>>> >>>> Totla Dcs = 16 >>>> >>>> smb.conf: >>>> >>>> [global] >>>> workgroup = XXXX >>>> realm = XXXX.xxxxx.com.br >>>> netbios name = upsilon >>>> server role = active directory domain controller >>>> #passdb backend = tdbsam >>>> passdb backend = samba_dsdb >>>> server services = s3fs, rpc, nbt, wrepl, ldap, >> cldap, kdc, >>>> drepl, winbindd, ntp_signd, kcc,dnsupdate >>>> map archive = No >>>> map readonly = no >>>> store dos attributes = Yes >>>> vfs objects = dfs_samba4 acl_xattr >>>> dns forwarder = XXXXXXX >>>> dns forwarder = XXXXXXX >>>> >>>> ldap server require strong auth = no >>>> >>>> # Disable Cups >>>> load printers = no >>>> printing = bsd >>>> printcap name = /dev/null >>>> disable spoolss = yes >>>> >>> Is there a valid reason why you have messed with the smb.conf in the >>> way you have ? >>> I can understand the printer lines, but the rest ??? >>> I would remove the following lines: >>> >>> #passdb backend = tdbsam >>> passdb backend = samba_dsdb >>> map archive = No >>> map readonly = no >>> store dos attributes = Yes >>> vfs objects = dfs_samba4 acl_xattr >>> dns forwarder = XXXXXXX >>> dns forwarder = XXXXXXX >>> >>> See if doing this helps, I also cannot understand why, when you are >>> compiling Samba, you are not using a more recent version. >>> >>> Rowland >>> >>> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >